If you are fully known to an enemy or naked in your battle, you may not even stand a chance. If you are giving every piece of information about yourself to the enemy, then they have the power to think accordingly and counter our every move with a smarter move before we even attacked them with it. Think about it?
By the way, I am the curator of CodesMyth, an online platform for Simplifying code and breaking Myths.
But what sense does the above things imply?
Now, we may or may not know it but the top government agencies from all around the world are spying on us continuously 24 X 7 by recording our call location, tracking our mobile GPS, Facebook & Twitter Update, online payment logs & bills, CCTV & ATM & other surveillance cameras. In fact, your every move is being recorded and analyzed by these professionals hiding behind the government mask using some serious deep Learning algorithm. Some of the government organizations that track us are CIA, NSA Pentagon and much more. What’s their motive?
NSA — National security agency | CIA — Central intelligence agency
Deep learning algorithm — machine trained using algorithm to detect the pattern using the past data.
Anonymity — privacy or secure documents
They think that by being recording the activity of all the persons all around the globe, they have the potential to separate terrorists from the clusters of common people by analyzing their actions and pasts. They believe that they can stop these attack by predicting their future moves, thus trying to save millions of lives. But, hiding behind this aim they cannot gives excuses on invading the privacy of everyone which itself is a very big crime.
Yeah, you may not probably know them. Hell, some of you haven’t heard about them. The most popular person among all was the whistleblower Edward Snowden who used to work for NSA, USA. He was unable to give himself excuses regarding what he was doing for the government was right. So, he decided to blew and expose some of the documents which would be enough to prove that the USA government is spying on us. His classified documents can be found out on the deep web. Due to such act, he had to fly to Russia where he is spending current days along with his wife. We may not know them but a large number of whistleblowers are trying to provide anonymity so that we can have our privacy intact and untouched.
In the today’s world of digital information, the most valuable asset of any organization can be its information collected about its users that exists around the globe.
This isn’t about you. No amount of money, gold, diamond, bitcoin can buy us that much information which the government agencies and other top brands are acquiring from the unauthorized ways for free. Think about it. Google stores data which includes search queries of each Google product, our mail, drive and our other data in their cache for 8 years. Facebook does the same for 5–6 years. These government agencies are now keeping track of all your whereabouts. They access all their data from these websites and cross verify them from other sources too.
With this huge big data and deep machine learning algorithm, they already know where were you a couple of seconds ago, they can predict where you are going to be in the next couple of seconds, next one minute or next hour.
All your life will become controlled and all the other factors can be controlled in our life by these external agents. We may end up becoming a sacrificial pawn in their bigger picture.
Think about it. Is it safe to provide such huge amount of information in the hands of a small number of individuals and let them be the undisputed rulers of the world? What’s preventing them from turning against us, the moment things go sideways? What’s preventing them to sell our information from selling our information to the third parties if they need money very badly in order to survive? If you have nothing to hide and you are like an open book, then following things may happen to you:
1- Your identity is never protected — If someone wants a revenge on you, all they need to know is your schedule, lifestyles and close ones.
You may not even know that the person sitting next to you may be there to attempt a hit on you. You may be lucky enough to survive all of these. If they come to know all about our weakness, then all the money and resources in the world won’t be enough to protect you.
A good example of this is South Korea. The Resident registration number is assigned to each citizen of South Korea which is used as an identifier and is required for online registrations for online accounts on websites. According to this, each citizen can create a single account because there will be only 1RRN per citizen. This would remove duplication and forgery. But things didn’t go as planned. In 2006, hundreds of thousands of RNNs were leaked from various consumer databases, and these RRNs were used to create false accounts in a game called Lineage as a part of money laundering operations. The worst part is that these RNNs weren’t stolen by hackers, but were sold by company employees with database access. Every information, even of the credit card was compromised which is not at all acceptable.
2- Personal Harassment is not a new term in our digital world — one of the most amazing things about the Internet is that it can give voices to those who are actively being silenced, allowing them to speak without fear of repercussion from the shadows. But after removing the anonymity, personal views will be replaced by fear of repercussions thus eliminating the productive and constructive decisions in the era. Some examples of harassment include Doxing, swattingand revenge porn.
In 2011, Mohammed Al-Maskati — an outspoken political activist in Bahrain — as arrested and sequestered for eight days, only being released after having signed an agreement to never again mention Bahrain in any form of media. This only happened because he chooses to use his real name instead of fake name.
3- The sensitive issues will be diminished. They refer to those who need more information on a given topic but don’t want to be caught seeking out that information. Most people actually fall into this group without realizing it.
One such example is a person who’s struggling with their sexuality, hasn’t gone public with that struggle, but has many unvoiced questions and concerns. This person can ask all of their questions in an online community where anonymity exists thereby reducing the risks.
The list goes on: people who struggle with mental health issues, people who are cheating in relationships, people who need divorce advice, people who are caught up in legal issues and don’t want to incriminate themselves, etc.
In my personal opinion, NO. A big NO. No, 100%-real anonymity does not exist at all. No matter how much advance technologies you are using, complete online anonymity is not possible.
It depends on the number of government agencies and hackers willing to dedicate their time and resources to put on the use and the importance and sensitivity of the issue that they are handling determines how far they can go to track us.
When someone is tracking us, then all we can do is to make their job difficult by using the right set of tools and techniques and not be there at the point where the trail ends. Just try to create it into a dead end. It generally takes months to years in tracking someone who doesn’t want to be tracked.
We can use tools, techniques, and concepts (when Implemented) for improving our security, thus reducing the amount of the surveillance and data collection going on, resulting in increasing our anonymity and privacy.
These advice matters from person to person and may not be possible for everyone to implement. **The risk involved in using these should not be ignored. Hence, before using them we should learn in deep about them.**Let’s begin with the list, shall we?
Generally, in some cases, we can see that a large amount of email id and password leaked and distributed for free. We can remove this problem by creating a password by hashing the URL of the website with our original password. Didn’t get it. Let me tell you in detail.
We need an extension for the browsers, in which we will implement a simple procedure. As soon as we click submit after entering our user id and password along with other credentials to create our account, then that extension will start performing its function. It will extract the name of the website and password from the Create an Account/Login page and then process them through a hash function.
All of this will happen seamlessly. This way, the **password generated will be long, random and nobody will be able to copy it or generate it with ease. This way, the password will become different for the different website.**This work has been done by some Stanford professors. This will also make it difficult for the hackers to crack our password by brute force or any other method since that too will take a large number of dedicated years and resources. This way, the organizations won’t be having any details of our password.
SEAMLESSLY — Smoothly and continuously without any gaps.
Hash function — a function that can be used to map data of arbitrary size to fixed size.
A large number of people share data through various online Pastebin unaware that their data is being recorded. Especially coders and developer share their work with peers in the Pastebin. Thus, we should use ZeroBin. ZeroBin is a minimalist, opensource online Pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted _in the browser_using 256 bits AES.
Image source: Google Images
Google Chrome saves all our history. To avoid all these, we should use Tor Browser which should replace Google Chrome or any other browser. Tor generally uses the proxy and our IP’s are jumped from different places at from 3 to 8 times. For e.g., your IP may jump from Honk Kong to Germany to India to Japan. Generally, the hackers can track us within 2–3 levels and hence Tor Browsers are most secure till date.
Image source: Google Images
A Tor network is a network which is completely hidden and provides thecapability of anonymity. It also provides access to the dark section of the webwhich are the unindexed pages which the Clearnet search engines cannot open. These unindexed onion websites on the deep web are known as Tor websites and can be used for legal/not-legal purposes. Tor websites are so secure because each hidden service website has a public key and a corresponding private key. The onion address is generated by hashing the public key and taking half of it. Nobody can impersonate the hidden service because you need the private key for it which is known to you only.
To add on to this: If your private key is compromised, your domain is gone forever, and you basically have to get a new domain. So, you get the idea of security.
ProTip: If someone requests you for proof that you own a domain on the dark web, you can take the public key that corresponds to the domain’s private key and gives it to them. They will use that public key to encrypt that message, then you tell them what their message was by decrypting it with the domain’s private key. If they want to verify it, they can hash it themselves and see the results.
Onion Address- such address are not dns address. they uses proxy software. They can be opened through the web browser with the help of tor network
I assume that if you are using the Tor Browser Bundle right now, to be “secure”, then you should disable JavaScript and any other plug-ins, you do that by clicking the “S” besides the Tor onion in your browser, that “S” is NoScript, an Add-on for Firefox.
When you have clicked it, then click “Forbid Scripts Globally (advised)”, that will make sure no website you visit can run scripts, which may be used to uncover your IP or other terrible things.
You are advised to stop scripts because it is believed that some websites of dark web have the power to detect your laptop size, your location and information and even create a backdoor on your system just at the moment you arrived on these sites with the help of the scripts.
Sometimes we need to provide our email address or sign up in order to get hold of a particular item on the Clearnet. It can be books, a song, a video or movie. Just because we need that item, we end up entering our email or end up authenticating via social websites for sign-up where we end up providing too much information because we are way too much lazy to go other way around.
As a result, we end up having spams in our mail and have to go through the trouble to unsubscribe them. One simple hack is going for randomly generated email id and these email ids can be permanently deleted as soon as our cookie from the local browser is deleted. One such mail service is YOPMAIL which provides us randomly generated mail for as long as we need them.
Learn more about YOPMAIL from here.
Image source: Google Images
Clearnet- Clearnet is also known as the surface web and it is the internet that we uses every day for normal work.
We all can prepare ourselves to save the data which is stored in our owns system. But what can we do with the data that is stored up in the cloud or server? What about the chats that we have? What about the social media handles that we have? Eventually, the government, hacker or a rogue employee will find a way and then expose everything you wrote anywhere.
A simple solution for this is an open source project named Privly provides Encryption as the only solution. Privly enables people to trust any storage provider by stealing their ability to read your content. The Privly extensions encrypt our data before you send it to a server for storage. Encrypting your data means the server only sees a scrambled version of your content, a link. This way, you can store your data anywhere without losing your privacy. What it does is that it ends up providing seamless injection into our posts converting the text that is to be stored in the database into a link which will point to that text. If you want to learn more about privly by clicking on the following link:
http://www.codesmyth.com/index.php/2017/07/03/privly-share-private-ly/
Learn more about Privly from here.
Image source: Google Images
Storage provider — places where our data is stored safely in servers or clouds
What if someone uses a mail you sent them in a wrong manner? What if they used your documents in a way that you cannot think about? A simple solution for these is by generating a PGP key. PGP stands for Pretty good privacy. InPGP, each person has two “keys”: a “public key” that you give to other people, and a “private key” that only you know. You use public keys to encrypt messages and files for others or to add users to PGP Virtual Disk volumes. **Thus, sign your emails and other documents including your files with PGP code digitally.**One way to generate your PGP key is through IGolder
Learn more about PGP key generation through Here
An example of PGP signature is shown below.
Image source: Google Images
In Android, apart from the privly Android app for posting to social media, we can use Orbot and Orfox. Orbot helps in the proxy and routing the network frequently, making it difficult for tracking. Orbot can work for all the Android apps. Orfox is the web browser where you can browse the dark web and open other websites. It basically works on the principal of TOR and is one of the main project of THE TOR FOUNDATION.
Learn more about Orbot here
Image source: Google Images
Learn more about Orfox here.
Image source: Google Images
Learn more about Privly Android App here
Image source: Google Images
In general, always use VPN, since it creates false network or proxies and the hacker tracking you ends up in the location of that false network. One such example is Hotspot Shield.
VPN — virtual private network
Image source: Google Images
Another method is to use Bitcoin where ever possible. Payment by bitcoin is by far the most successful ways to transfer money online. Money transferred with the help of the banks are traced and hence violate privacy.
Image source: Google Images
This concept, if implemented, will have a great role to play in our anonymity. I haven’t been able to find out OS with such features till now.
An OS for people who hate surveillance of the NSA and governments. An OS for the paranoid and the realistic. The following Techs would make it better than other OS’s:
· It should perform a **full Remote Mobile Wipe (with encrypted password)**if any of its data is compromised.
· It should provide a Full multi-layer encryption for the users and all other software.
· It should use Tor as a browser. No other browser should be used without routing its network packets through Tor Network
· A full proof Virus detection and counter data stealing methods (I kind of used some of the blackphones ideas here). A blackphone is a smartphone built to ensure privacy by providing internet access through VPN.
· It should always block PRISM-related software/sites and the definitions for these protocols should be updated from time to time
· Identity Creator software (Creates profiles and online identities for fake name and adds pics and bio you select) should be installed to use some one-time services offered by the third party. You can use these on prism sites.
· A USB’s need to be verified before use with admin Password to prevent some other from creating a backdoor into our system.
· It should Automatically encrypt all files and folders as soon as they reach the system.
· Preventing software’s/viruses from detecting/deleting files and folders
· Automatically password protects files uploaded to the internet and other devices by using a master password.
· If any PC is connected to the Bluetooth, then our OS should internally detect Bluetooth devices in the area and if they are suspected of being NSA/PRISM related, then the user is warned and Bluetooth hacking software will be opened for user to shut down the devices connectivity. However, if no action is taken within 1 minute it automatically is hacked. (Don’t know this can be done from Wi-Fi too)
· Using Automatic VPN/proxies use and Proxies will rotate in a suitable interval of time.
· Free anonymous email installed. Tor Mail can be used in this context.
· Anonymous video chat pre-installed- Have not heard about such software being implemented.
· Anonymous Torrent programs — The seeders and Leachers from the Clearnet torrent does not allow the TOR to function properly and may end up giving our exact location.
· Wipe PC hotkey and 1 verification for password then erases with 40 passes.
· An Anti-brute force with 5 tries for password and then auto wipe or unlock from mobile which has some secret key.
· Anti-remote administration to know what’s happening around our system when we are not there
· Second password that if entered will erase everything (Anti-fed)
· Warns if the NSA-related hardware is installed or trying to change administrative permissions.
This concept is inspired by a technical discussion of the dark web.
We can also use TAILS OS which is a live Operating System designed to direct all your internet traffic through Tor, you can use it in a Virtual Machine but it is probably best if you burn it to a DVD or USB. Tails will leave no trace on the computer you are using and provides all the other security measures.
It will be good if we all try to acquire some privacy rather than not having it all.
These methods help us in acquiring and protecting our personal information. However, it is not possible for all of us to implement these, but we can do whatever it is in our potential to make our lives more secure, make our world more secure and prove it to everyone else that
Security is not just an illusion out in the real world.
Other than that, don’t be stupid, don’t say or do anything that could reveal the real identity, don’t use nicknames, passwords or anything else that you’ve used on the Clearnet which then could be used to identify you.
But none of this makes any sense if are you are not care full and leave hints of who you are here and there. Remember, the three letters agencies are VERY good on profiling.